The TLS VPN must be configured to limit authenticated client sessions to initial session source IP.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
| V-264335 | SRG-NET-000019-VPN-002435 | SV-264335r984341_rule | CCI-001414 | medium |
| Description | ||||
| Limiting authenticated client sessions to the initial session source IP for TLS VPNs is a safeguard against session hijacking, replay, and man-in-the-middle attacks, maintaining integrity and confidentiality of communication between clients and servers. | ||||
| STIG | Date | |||
| Virtual Private Network (VPN) Security Requirements Guide | 2024-12-19 | |||
Related Frameworks
3 paths across 3 frameworks
Related Frameworks
NIST 800-531 mapping
AC-4
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
NIST 800-1711 mapping
3.1.3
1.00
- DISA · 3 · disa_xccdf · related
- DISA · 2025-01-23 · disa_cci_list · equivalent
- NIST · Rev 2 (Feb 2020, errata Jan 2021) · nist_800_171_app_d · equivalent
CCI1 mapping
CCI-001414
1.00
- DISA · 3 · disa_xccdf · related
Details
Check Text (C-264335r984341_chk)
Verify the TLS VPN Gateway limits authenticated client sessions to initial session source IP.
If the TLS VPN Gateway does not limit authenticated client sessions to initial session source IP, this is a finding.
Fix Text (F-68156r984340_fix)
Configure the TLS VPN Gateway to limit authenticated client sessions to initial session source IP.